Example #1
 /**
  * Automatic post-registration user authentication.
  *
  * Builds a Token for the 'secured_area' firewall from the account's stored
  * credential and installs it in the security context directly; no
  * authentication provider is consulted on this path.
  *
  * NOTE(review): nothing here re-checks the credential, so callers should only
  * pass an account whose identity was established earlier in the same flow
  * (e.g. the account that was just registered) — confirm against call sites.
  * NOTE(review): no session identifier rotation is visible in this method;
  * verify it happens elsewhere when the user becomes authenticated.
  *
  * @param Netizen $account the account to log in
  */
 protected function authenticateAccount(Netizen $account)
 {
     $credential = $account->getCredential();

     $authToken = new Token(
         'secured_area',
         $credential->getProviderKey(),
         $credential->getUid(),
         $account->getRoles()
     );
     $authToken->setUser($account);

     $securityContext = $this->get('security.context');
     $securityContext->setToken($authToken);
 }
Example #2
 /**
  * Builds an identified-only Token straight from query-string parameters.
  *
  * The uid, nickname and (optional) gender are read from the request query
  * and are not verified against any identity provider; the provider key is
  * the literal 'dummy'.
  *
  * NOTE(review): the identity is entirely caller-supplied, so this builder
  * looks like a development/test stub — confirm it cannot be reached on a
  * production firewall.
  *
  * @param Request $req          request whose query string carries the fields
  * @param mixed   $firewallName firewall name handed to the Token constructor
  *
  * @return Token token carrying the single role self::IDENTIFIED
  */
 public function buildToken(Request $req, $firewallName)
 {
     $query = $req->query;

     $identified = new Token($firewallName, 'dummy', $query->get('uid'), [self::IDENTIFIED]);
     $identified->setAttribute('nickname', $query->get('nickname'));

     // Gender is optional: absent or empty values leave the attribute unset.
     $gender = $query->get('gender');
     if (!empty($gender)) {
         $identified->setAttribute('gender', $gender);
     }

     return $identified;
 }
Example #3
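 /**
  * Exchanges the OAuth2 authorization code for an access token and builds an
  * identified-only internal Token from the provider's user details.
  *
  * NOTE(review): no check of an OAuth2 `state` parameter is visible in this
  * method; confirm the CSRF/state comparison is done before this is called.
  *
  * @param Request $req          callback request; 'code' is read from the query
  *                              string and 'provider' from the request attributes
  * @param mixed   $firewallName firewall name handed to the Token constructor
  *
  * @return Token token carrying the single role self::IDENTIFIED
  */
 public function buildToken(Request $req, $firewallName)
 {
     $token = $this->provider->getAccessToken('authorization_code', ['code' => $req->query->get('code')]);
     $providerKey = $req->attributes->get('provider');

     // We got an access token, let's now get the user's details
     /** @var \League\OAuth2\Client\Entity\User $userDetails */
     $userDetails = $this->provider->getUserDetails($token);

     $internToken = new Token($firewallName, $providerKey, $userDetails->uid, [self::IDENTIFIED]);
     $internToken->setAttribute('nickname', $userDetails->name);
     // Compare, do not assign: the previous `=` overwrote the provider-supplied
     // gender with 'male' and therefore always produced 'xy'.
     $internToken->setAttribute('gender', ($userDetails->gender === 'male') ? 'xy' : 'xx');

     // NOTE(review): this writes the full provider profile to the debug log;
     // make sure debug logging of personal data is acceptable where this runs.
     $this->logger->debug('facebook', $userDetails->getArrayCopy());

     return $internToken;
 }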
Example #4
 /**
  * Boots a kernel, pulls the services under test from its container, seeds the
  * session with an identified token and creates the registration form.
  *
  * CSRF protection is switched off for the form created here; that option is
  * set only on this test fixture.
  */
 protected function setUp()
 {
     $kernel = static::createKernel();
     $kernel->boot();
     $container = $kernel->getContainer();

     $this->formFactory = $container->get('form.factory');
     $this->collection = $container->get('dokudoki.collection');
     $this->factory = $container->get('security.netizen.factory');
     $this->repository = $container->get('social.netizen.repository');

     // The session carries the token of a visitor who is identified by the
     // 'dummy' provider but not registered yet.
     $identified = new Token('secured_area', 'dummy', '123456789');
     $identified->setAttribute('nickname', 'dummy nickname');
     $container->get('session')->set(NotRegisteredHandler::IDENTIFIED_TOKEN, $identified);

     $formOptions = ['csrf_protection' => false, 'minimumAge' => 6, 'adminMode' => false];
     $this->sut = $this->formFactory->create('netizen_register', null, $formOptions);
 }
 /**
  * The success handler must answer with a response whose first cookie is
  * 'oauth_provider' holding the provider key of the token ('ufp').
  *
  * isGranted() is stubbed to answer true only for the role supplied by the
  * data provider, and generate() must be called exactly once with $path.
  *
  * @dataProvider getUser
  */
 public function testRedirect($granted, $path)
 {
     $netizen = new Netizen(new Author('kirk'));
     $netizen->setCredential(new OAuth('1701', 'ufp'));

     $authToken = new Token('secured_area', 'ufp', '1701');
     $authToken->setUser($netizen);

     $onlyGrantedRole = function ($role) use ($granted) {
         return $role == $granted;
     };
     $this->security->expects($this->atLeast(1))
         ->method('isGranted')
         ->will($this->returnCallback($onlyGrantedRole));
     $this->urlGenerator->expects($this->once())
         ->method('generate')
         ->with($path)
         ->willReturn('ok');

     $response = $this->sut->onAuthenticationSuccess(new Request(), $authToken);

     $firstCookie = $response->headers->getCookies()[0];
     $this->assertEquals('oauth_provider', $firstCookie->getName());
     $this->assertEquals('ufp', $firstCookie->getValue());
 }
Example #6
 /**
  * Logs the test client in as the user with the given nickname, without going
  * through the login flow: the token is serialized into the session, the
  * session cookie is placed in the client's cookie jar and the token is set
  * on the security context. Does nothing when no user has that nickname.
  *
  * Do not use this method in dataProvider since they are called before setUp !
  *
  * @param mixed $nick nickname passed to the repository's findByNickname()
  */
 protected function logIn($nick)
 {
     $user = $this->getService('social.netizen.repository')->findByNickname($nick);
     if (is_null($user)) {
         return;
     }

     $firewall = 'secured_area';
     $session = $this->client->getContainer()->get('session');
     $credential = $user->getCredential();

     $authToken = new Token($firewall, $credential->getProviderKey(), $credential->getUid(), $user->getRoles());
     $authToken->setUser($user);

     // The serialized token is stored under the '_security_' key of the firewall.
     $session->set('_security_' . $firewall, serialize($authToken));
     $session->save();

     $sessionCookie = new Cookie($session->getName(), $session->getId());
     $this->client->getCookieJar()->set($sessionCookie);

     $this->getService('security.context')->setToken($authToken);
 }
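 /**
  * Handles an authentication failure, auto-registering unknown visitors that
  * a third-party provider has already identified.
  *
  * Auto-registration happens only when the failure is a
  * BadCredentialsException caused by a UsernameNotFoundException and the
  * failed token is a Token whose first role is
  * ThirdPartyAuthentication::IDENTIFIED. A user is then created from the
  * token's unique identifier, provider key and 'nickname' attribute,
  * persisted, set on the security context, and the request is handed to the
  * success handler. Any other failure is stored in the session and the
  * visitor is redirected to the default failure path.
  *
  * NOTE(review): the new account is built from values carried by the failed
  * token, so it is only as trustworthy as the token builder that produced
  * them; confirm every enabled builder verifies the identity with its
  * provider and that the nickname is validated before it is persisted.
  *
  * @param Request                 $request   the request that failed authentication
  * @param AuthenticationException $exception the failure, carrying the token
  *
  * @return mixed the success handler's response after auto-registration,
  *               otherwise a redirect response to the failure path
  */
 public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
 {
     $targetPath = $this->failureDefault;
     $token = $exception->getToken();
     // NOTE(review): the token and its attributes end up in the debug log.
     $this->logger->debug('Authentication failure handled by ' . __CLASS__, [$exception, $exception->getPrevious(), $token]);

     $unknownUser = $exception instanceof BadCredentialsException
         && $exception->getPrevious() instanceof UsernameNotFoundException;

     // A token without any role used to trigger a method call on null here;
     // treat it as "not identified" and fall through to the normal failure path.
     $roles = $token instanceof Token ? $token->getRoles() : [];
     $identifiedOnly = isset($roles[0])
         && $roles[0]->getRole() == ThirdPartyAuthentication::IDENTIFIED;

     if ($unknownUser && $identifiedOnly) {
         $this->logger->info('Autoregister');
         // create new user, persist and authenticate
         $user = $this->repository->create($token->getUserUniqueIdentifier(), $token->getProviderKey(), $token->getAttribute('nickname'));
         $newToken = new Token($token->getFirewallName(), $token->getProviderKey(), $token->getUserUniqueIdentifier(), $user->getRoles());
         $this->repository->persist($user);
         $newToken->setUser($user);
         $this->security->setToken($newToken);

         return $this->successLoginHandler->onAuthenticationSuccess($request, $newToken);
     }

     $request->getSession()->set(SecurityContextInterface::AUTHENTICATION_ERROR, $exception);

     return $this->httpUtils->createRedirectResponse($request, $targetPath);
 }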
Example #8
 /**
  * Completes the OAuth 1.0 flow: exchanges the temporary credentials kept in
  * the session for token credentials, fetches the user's details and builds
  * an identified-only internal Token.
  *
  * The temporary credentials are removed from the session only after the
  * exchange call has returned.
  *
  * @param Request $req          callback request; 'oauth_token' and
  *                              'oauth_verifier' are read from the query string
  *                              and 'provider' from the request attributes
  * @param mixed   $firewallName firewall name handed to the Token constructor
  *
  * @return Token token carrying the single role self::IDENTIFIED
  */
 public function buildToken(Request $req, $firewallName)
 {
     // Retrieve the temporary credentials from step 2
     // NOTE(review): unserialize() on session content — safe only as long as
     // the session store cannot be written by a client; the result is also not
     // checked here for false (missing or corrupt session entry).
     $storedCredentials = unserialize($this->session->get(self::TEMP_CRED));

     // Third and final part to OAuth 1.0 authentication is to retrieve token
     // credentials (formally known as access tokens in earlier OAuth 1.0
     // specs).
     $oauthToken = $req->query->get('oauth_token');
     $oauthVerifier = $req->query->get('oauth_verifier');
     $tokenCredentials = $this->provider->getTokenCredentials($storedCredentials, $oauthToken, $oauthVerifier);
     $this->session->remove(self::TEMP_CRED);

     // We got an access token, let's now get the user's details
     /** @var \League\OAuth1\Client\Entity\User $profile */
     $profile = $this->provider->getUserDetails($tokenCredentials);

     $internToken = new Token($firewallName, $req->attributes->get('provider'), $profile->uid, [self::IDENTIFIED]);
     $internToken->setAttribute('nickname', $profile->nickname);

     // NOTE(review): this writes the full provider profile to the debug log.
     $this->logger->debug('twitter', iterator_to_array($profile->getIterator()));

     return $internToken;
 }
 /**
  * Turns an identified third-party token into an authenticated one.
  *
  * The user is looked up by provider key and provider-side unique identifier.
  * The returned token is bound to this provider's firewall name, keeps the
  * incoming token's attributes and carries the roles of the user found.
  *
  * Any exception raised by the lookup is wrapped in a
  * BadCredentialsException with the original kept as "previous", so callers
  * can still tell an unknown user from another lookup failure.
  *
  * @param TokenInterface $token the token to authenticate
  *
  * @return Token|null the authenticated token, or null when the token is not
  *                    supported by this provider
  *
  * @throws BadCredentialsException        when the lookup throws
  * @throws AuthenticationServiceException when the lookup result is not a UserInterface
  */
 public function authenticate(TokenInterface $token)
 {
     if (!$this->supports($token)) {
         return;
     }

     /* @var $token \Trismegiste\OAuthBundle\Security\Token */
     $providerKey = $token->getProviderKey();
     $uniqueId = $token->getUserUniqueIdentifier();

     try {
         $user = $this->userProvider->findByOauthId($providerKey, $uniqueId);
     } catch (Exception $lookupFailure) {
         throw new BadCredentialsException('Bad credentials', 0, $lookupFailure);
     }

     if (!$user instanceof UserInterface) {
         throw new AuthenticationServiceException('findByOauthId() must return a UserInterface.');
     }

     // Roles come from the stored user, not from the incoming token.
     $authenticated = new Token(
         $this->firewallName,
         $token->getProviderKey(),
         $token->getUserUniqueIdentifier(),
         $user->getRoles()
     );
     $authenticated->setAttributes($token->getAttributes());
     $authenticated->setUser($user);

     return $authenticated;
 }
 /**
  * An access-denied exception for an authenticated user who is refused
  * TicketVoter::SUPPORTED_ATTRIBUTE must yield a response on the event and
  * leave exactly one entry in the flash bag.
  */
 public function testAuthenticatedWithInvalidNetizen()
 {
     $authToken = new Token('secu', 'dummy', '123456');
     $authToken->setUser(new Netizen(new Author('kirk')));

     $event = $this->createEvent(new AccessDeniedHttpException());

     $this->security->expects($this->once())
         ->method('getToken')
         ->willReturn($authToken);
     // The voter refuses the user.
     $this->security->expects($this->once())
         ->method('isGranted')
         ->with(TicketVoter::SUPPORTED_ATTRIBUTE)
         ->willReturn(false);

     $flashBag = new \Symfony\Component\HttpFoundation\Session\Flash\FlashBag();
     $this->session->expects($this->once())
         ->method('getFlashBag')
         ->willReturn($flashBag);

     $this->sut->onKernelException($event);

     $this->assertTrue($event->hasResponse());
     $this->assertCount(1, $flashBag);
 }